Title: Microsoft Windows XP Remote Desktop Plaintext Username Vulnerability
Severity: MODERATE
Description:
Microsoft Windows XP Remote Desktop transmits user account names in plain text over the network when a connection is initiated. The account name sent is not necessarily the user account name on the remote machine; it is the most recent user account used by the Remote Desktop client. A sniffer could potentially capture traffic on a network and discover user account names, especially when repeated connections are being made to a particular machine from Remote Desktop clients.
Affected Products:
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Tomasz Polus <tomasz_polus@bsi.net.pl>: Windows XP security concerns
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
